AP: set limits on reusing personal data from government data
The Dutch Data Protection Authority (AP) advises to amend the proposal for an amendment to the Reuse of Government Information Act. The proposal, in which the government encourages government institutions to make government data, including personal data, available for reuse, does not set sufficient limits. With the risk that personal data is shared without the permission or knowledge of the people involved.
The bill must ensure that as much government data as possible is made available, for example for research, but also for commercial use. According to the proposal, that data must also be searchable with software and combinable with other data.
Government agencies are requested to make information public, unless they themselves deem that this is not possible.
‘Master of own data’
The AP sees the importance of so-called 'open government data', for example for research. "When it comes to the amount of trees planted in a certain neighborhood or the air quality in an area, there is of course no objection," says AP Vice-President Monique Verdier.
“But when it comes to people, and their addresses, their telephone numbers, their properties, it's something else entirely. You are in charge of your own personal data. It should not be left to government agencies to consider whether personal data can be shared. Ultimately, you should decide for yourself about your data. Unless the legislator - and therefore not a government organization itself - determines that this is not the case.'
The AP has previously criticized the publication of personal data in public registers, such as the Trade Register and the Land Registry. The cabinet will make it possible for self-employed workers who work from home to be able to protect their address in the Trade Register, but this address is still included by default.
In the Land Registry it appears that it is not possible for ordinary people to shield their address for the time being. Those public registers therefore continue to insufficiently protect the personal data of the people they contain.
Data Trading and Threat
‘Data in the Trade Register and the Land Registry are already public and that is already causing problems. With this proposal, the cabinet is making it even easier to retrieve personal data from those registers’, says Verdier.
‘By running an algorithm on it and combining the personal data with other sources, companies can, for example, create profiles of people to sell them: data trading. It can also become even easier to find out where someone lives, to threaten them.'
Make reuse prohibited in principle
In its advice to the cabinet, the AP argues in favor of including in the law that the reuse of personal data in public registers is in principle prohibited. And then to lay down in rules when which personal data may be made available for reuse, and are therefore an exception to that prohibition.
The rules must also take into account the freedom of people to have their data made available for reuse. This way you really have access to your own personal data.